1. Field
The disclosure relates generally to an improved data processing system, and more specifically to a method and system for authenticating a remote host to a firewall without requiring user intervention.
2. Description of the Related Art
Networks implementing distributed data processing systems, and in particular the Internet, have become widespread in recent years. A major concern of using the Internet or other public networks in conducting business is that of exposing an organization's internal private network to the outside world. Several security issues are raised by these kinds of applications, which involve attaching the (secure) private network of the organization to the largely uncontrolled environment of the Internet. In particular, the organization must be protected from intruders attempting to gain unauthorized access to the private network or attempting to compromise its operation.
Most security measures involve the use of a firewall. A firewall consists of hardware and/or software that monitors and controls data traffic between an external network and an internal private network based on an access control policy. Data traffic such as HTTP (Hypertext Transport Protocol) requests that enter or leave the private network will pass through the firewall, which allows only the traffic permitted by the access control policy to be transmitted. Firewalls are useful to prevent certain types of network traffic from reaching devices that reside on the internal protected network. For example, the firewall can examine information in the received data packets to stop certain types of information that have been previously determined to be harmful, such as virus probes, broadcast data, pings, etc. As an additional example, entities that are outside of the internal network and lack the proper authorization may attempt to discover, through various methods, the topology of the internal network and the types of resources that are available on the internal network in order to plan electronic attacks on the network. If the firewall determines that data messages from the external network comply with the access control policy, the firewall will forward the data messages to the target device in the protected network. Otherwise, the data messages will be blocked by the firewall.
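The access control policy described above can be illustrated with a small stateless packet filter. The following is an added example, not code from the disclosure: it evaluates each packet against an ordered rule list (first match wins) and falls back to blocking anything no rule permits, which is the "otherwise, blocked" behaviour the text describes. The rule format, the internal address range 10.0.0.0/8, the sample packets and the logging helper are all constructed for the example.

```python
"""Minimal first-match, default-deny packet filter (added illustration)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless filter inspects (constructed for the example)."""
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One line of the access control policy; None fields match anything."""
    action: str                # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Hypothetical policy for a private network in 10.0.0.0/8 with one public web server.
POLICY: List[Rule] = [
    Rule("deny", proto="icmp"),                                  # pings / ICMP probes
    Rule("deny", dst="10.255.255.255/32"),                       # directed broadcast
    Rule("allow", dst="10.0.0.10/32", proto="tcp", dport=80),    # HTTP to web server
    Rule("allow", dst="10.0.0.10/32", proto="tcp", dport=443),   # HTTPS to web server
    Rule("allow", src="10.0.0.0/8"),                             # internal hosts outbound
]


def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule; block if nothing matches."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: traffic not explicitly permitted is blocked


def filter_log(policy: List[Rule], packets: List[Packet]) -> List[str]:
    """Produce one audit line per packet so decisions can be reviewed later."""
    return [
        f"{evaluate(policy, p).upper()} {p.proto} {p.src} -> {p.dst}:{p.dport}"
        for p in packets
    ]


if __name__ == "__main__":
    # Constructed sample traffic: an external web request, an external ping,
    # an external SSH attempt, and an internal host browsing outbound.
    samples = [
        Packet("203.0.113.5", "10.0.0.10", "tcp", 80),
        Packet("203.0.113.5", "10.0.0.10", "icmp"),
        Packet("203.0.113.5", "10.0.0.10", "tcp", 22),
        Packet("10.0.0.42", "198.51.100.7", "tcp", 443),
    ]
    for line in filter_log(POLICY, samples):
        print(line)
```

Rule order matters: the ICMP and broadcast denials sit before the allow rules so that a ping aimed at the web server is still dropped, and the final outbound allow is scoped to the internal source range so it cannot be matched by external traffic.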